
SIEM and Threat Hunting


n|u Hyderabad Meet (Firetalks) - May 2018

Published in: Education

  1. SIEM and Threat Hunting (May 19, 2018) @ervikey @nullhyd
  2. Agenda
     - Introduction to SOC and SIEM
     - SOC: what, why and how
     - SIEM: tools and terminology
     - Threat Hunting
     - Cyber Kill Chain
     - APT: Advanced Persistent Threats
     - IoC: Indicators of Compromise
     - IoA: Indicators of Attack
     - TTP: Tactics, Techniques and Procedures
  3. SOC
     - A security operations center (SOC) is a facility that houses an information security team responsible for monitoring and analyzing an organization's security posture on an ongoing basis. The SOC team's goal is to detect, analyze, and respond to cybersecurity incidents using a combination of technology solutions and a strong set of processes.
     - Diagram: SOC cycle of identify, protect, investigate, report
  4. Compliance Requirement
     - PCI DSS
     - HIPAA
     - FISMA
     - etc.
  5. SIEM (products)
     - AccelOps SIEM, Alert Logic, AlienVault, Blue Lance, Centrify, CorreLog, Dell Intrust, Dell SecureWorks, eIQ, ELK Stack, EventGnosis, EventTracker, GFI EventsManager, HP ArcSight, IBM QRadar, Immune Security, Juniper STRM, Logalyze, LogLogic, LogPoint, LogRhythm, Logsign, ManageEngine, McAfee ESM, NetIQ, Netwrix, RSA enVision, RSA Security Analytics, SenSage, SolarWinds, Splunk, SumoLogic
  6. Incident Response
     - Identify, Detect, Contain, Eradicate, Recover
  7. Threat Hunting (cycle)
     - Create hypotheses
     - Investigate via tools and techniques
     - Uncover new TTPs
     - Automated analytics
  8. Cyber Kill Chain
     - Recon, Weapon, Delivery, Exploitation, Lateral Movement, Command & Control, Objectives
  9. IoC (Indicators of Compromise)
     - Virus signatures
     - IP addresses
     - URLs or domains
     - Hash values
     - Registry keys
     - Filenames
     - HTTP user agents
     - Open source threat intel: OTX, OpenIOC, STIX, CybOX
  10. IoA (Indicators of Attack)
     - Series of actions that an adversary must conduct in order to succeed.
     - All actions done by the attacker in order to prepare his attacks.
     - All the "signs" left by the attacker in earlier stages of the attack.
  11. IoC vs. IoA
     - IoCs are reactive indicators, while IoAs are proactive indicators.
     - IoCs can be used after a point in time, while IoAs are used in real time.
     - IoCs are known, universal bad news, while IoAs only become bad based on what they mean to you and the situation.
  12. Tactics, Techniques and Procedures (ATT&CK framework)
  13. (image slide, no transcript text)
  14. Thank You!
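The IoC vs. IoA distinction from slides 9 to 11, worked through as an added example that is not part of the original deck: the IoC check looks up field values in a known-bad list (hash, IP, domain, user agent, as slide 9 lists them), while the IoA check flags a host that passes through several kill-chain stages (slide 8) within a short window, even when none of the values is on any list. The log format, the indicator values, the event-type-to-stage mapping and the window size are all constructed for this example.

```python
from collections import defaultdict

# Constructed IoC set in the categories slide 9 names; values are made up.
IOCS = {
    "ip": {"203.0.113.45"},
    "domain": {"bad-updates.example"},
    "sha256": {"9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08"},
    "user_agent": {"python-requests/2.3.0"},
}

# Constructed event-type-to-kill-chain-stage mapping (stages from slide 8).
STAGE = {"exec": "Exploitation", "smb_logon": "Lateral Movement", "http": "Command & Control"}

# Constructed log lines: "<epoch> host=<h> event=<type> key=value ...".
SAMPLE_LOGS = [
    "1000 host=ws1 event=dns domain=bad-updates.example",
    "1010 host=ws1 event=exec sha256=9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08",
    "1020 host=ws2 event=http ip=198.51.100.7 user_agent=curl/7.68",
    "1030 host=ws2 event=exec sha256=deadbeef",
    "1040 host=ws2 event=smb_logon target=srv1",
    "1050 host=ws2 event=http ip=198.51.100.7",
    "1300 host=ws3 event=http ip=203.0.113.45",
]

def parse(line):
    ts, *pairs = line.split()
    return {"ts": int(ts), **dict(p.split("=", 1) for p in pairs)}

def match_iocs(lines):
    """Reactive check: any field equal to a known-bad value is a hit.
    Works on history just as well as on live data, but only for values already known."""
    hits = []
    for ev in map(parse, lines):
        for field, bad in IOCS.items():
            if ev.get(field) in bad:
                hits.append((ev["host"], field, ev[field]))
    return hits

def match_ioas(lines, window=600, min_stages=3):
    """Proactive check: a host touching several kill-chain stages within `window`
    seconds is flagged, whether or not any single value appears on an IoC list."""
    by_host = defaultdict(list)
    for ev in map(parse, lines):
        if ev["event"] in STAGE:
            by_host[ev["host"]].append((ev["ts"], STAGE[ev["event"]]))
    flagged = {}
    for host, evs in by_host.items():
        evs.sort()
        for i, (t0, _) in enumerate(evs):
            stages = {s for t, s in evs[i:] if t - t0 <= window}
            if len(stages) >= min_stages:
                flagged[host] = sorted(stages)
                break
    return flagged
```

On the sample data ws1 and ws3 produce IoC hits only, while ws2 produces no IoC hit at all and is caught solely by the stage-sequence rule.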
